Hey all! Glad the issue is sorted for now. I think LDAP is a good idea. It should be easy (?) to configure this. Laura, do you need more permissions to test that out?
Best, Asheesh. On Fri, Jul 26, 2019 at 5:42 PM Andy Simpkins <[email protected]> wrote: > On 26/07/19 17:19, Laura Arjona Reina wrote: > > Sandstorm allows you to define an organization. You can automatically > > apply some settings to all members of your organization. Users within > > the organization will automatically be able to log in, install apps, and > > create grains. > > > > Organization membership > > > > [ ] Users authenticated via email address > > Domain: ____________ > > Users with an email address at this domain will be members of this > > server's organization. > > > > [ ] Users authenticated via Google Apps for Work > > Domain: __________ > > Users with a Google Apps for Work account under this domain will be > > members of this server's organization. > > > > [ ] Users authenticated via LDAP > > Note: disabled because LDAP login is not configured. > > > > [ ] Users authenticated via SAML > > Note: disabled because SAML login is not configured. > > > > From the above, I've just ticked the "[X] Users authenticated via email > > address" and added "debian.org" as domain. > > > > Can you try if it makes a difference in your experience of login in? > > > > That may well have solved my annoyance at time restricted access tokens > (I have closed and reopened browser and site didn't ask me to log in > again). > Obviously I should close session and wait until tomorrow to confirm that > it still 'works' (and then close this 'ticket') > > > > > > and > > > > Would that be enough or would you need people with no @debian.org > > address to access too? > > > I suspect that this is enough for now > > > > > About LDAP, I guess Asheesh knows better about that than me (both in the > > Sandstorm and in the Debian side) so I didn't dare yet to go and try to > > configure the service in Sandstorm (and if it needs some setting in the > > machine, I have no permissions there, I just tweak the web interace), > > but for the case Asheesh cannot find the time to look at this, I will > > try to read the documentation and figure out what can I do (but not > > before debconf19 ends, probably...). > > LDAP may well still be the better option (as opposed to a cookie from a > valid d.o email address). What are your and Asheesh's view on the subject? > > > > > Cheers > > > > Many thanks for your help and fast response > > /Andy >
